SRTP config

Paul Austin
Level 4

Hi All, I'm trying to establish a SIP trunk to an ITSP using TLS and SRTP. We think we have done all the trust point stuff and TLS seems to be OK. However, I'm a little lost on the SRTP. Looking at several guides, it looks like there are a few different methods. So I have a C2900 - yes I know it's old and should be used but that's what I have and it's temporary until we get something else. Anyhow, following https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/sip/configuration/15-mt/sip-config-15-mt-book/voi-sip-srtp.html#GUID-E555BCFF-389A-4C64-8CE6-7CC097AB15D4 I could deduce from the debug files -

098733: Apr 18 12:24:10.567: //62416/2BE66E800003/SIP/Error/sipSPI_sip_CheckAndReserveTranscoder:
Xcoder reservation failed and srtp fallback not possible. Disconnect the call.
098734: Apr 18 12:24:10.567: //62416/2BE66E800003/SIP/Error/sipSPI_sip_CheckAndReserveTranscoder:
filter mis-match or srtp rtp fallback failed, failing call

 

The outbound dial-peer -

dial-peer voice 2 voip
description Outbound PSTN calls via Anonymous
translation-profile outgoing Add_+44
huntstop
destination-pattern XXXXXXXXXXX
session protocol sipv2
session transport tcp tls
session server-group 2
voice-class codec 1
voice-class sip early-offer forced
voice-class sip profiles 2
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte sip-notify
srtp
fax rate 9600
ip qos dscp cs5 media
ip qos dscp cs3 signaling
no vad

 

That secure transcoder resources weren't working. I did configure them -

sccp ccm group 1
bind interface GigabitEthernet0/0
associate ccm 1 priority 1
associate ccm 2 priority 2
associate profile 3 register Gateway_1_secur
associate profile 1 register Gateway1_XCODE

!

dspfarm profile 3 transcode universal security
trustpoint CUBE_CERT
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 50
associate application SCCP

 

BUT the transcoder never registers with callmanager - should it? Anything obvious I have done wrong here? Will I need to add the root and intermediate certs to the Callmanager-trust areas on CUCM? I am wanting to use non-secure RTP between CUCM and CUBE but will I need other CUCM config?

 

Thanks as always

 

11 Replies

b.winter
VIP

IIRC, you don't need any SCCP resources. Not even registered to CUCM.
But you need PVDM resources available for encrypting the traffic.

But it would be helpful if you would post the full config.

Thanks - see that is different to the document in the OP. So the following would suffice? Yes I do have PVDM resource.

dspfarm profile 3 transcode universal security
trustpoint sip-trustpoint
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 50

I've found this example config in an old forum post, maybe it helps.

Thanks for the info, I did have some thoughts on how to make the connection between the trustpoint and the transcoder resource and it was in fact adding the secure part to the transcoder config. All good now. My audio was just firewall as suspected.

Thanks

Are you sure on the PVDM being needed? We run a few SBCs on virtual machines and those do TLS/SRTP, none of them have any DSPs in them.





Interesting, but I get the following, which indicates a transcoder is required, so need PVDM. I think you may be using ISR 4XXX or suchlike, as I get the impression things change for those later models than my 2900.

098733: Apr 18 12:24:10.567: //62416/2BE66E800003/SIP/Error/sipSPI_sip_CheckAndReserveTranscoder:
Xcoder reservation failed and srtp fallback not possible. Disconnect the call.

 

 

For 29xx routers yes. For 4k or 8k routers and the virtual ones you don't need it anymore.

Hopefully you can see something in here :-

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2024.04.18 14:11:45 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...






Current configuration : 26665 bytes
!
! Last configuration change at 14:04:44 GMT Thu Apr 18 2024 by admin
! NVRAM config last updated at 20:00:44 GMT Wed Apr 17 2024 by svc_cisco
!
version 15.7
service timestamps debug datetime msec localtime
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname IPTGATEWAY1
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.157-3.M8.bin
boot-end-marker
!
!
card type e1 0 0
logging buffered 10000000
no logging console
no logging monitor
!
no aaa new-model
clock timezone GMT 0 0
clock summer-time GMT recurring
network-clock-participate wic 0
network-clock-select 1 E1 0/0/0
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name XXXXXXXXXXXX
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
isdn switch-type primary-net5
!
cts logging verbose
!
crypto pki trustpoint sip-trustpoint
enrollment pkcs12
revocation-check crl
rsakeypair sip-trustpoint
!
crypto pki trustpoint CUBE_CERT
enrollment terminal
serial-number none
fqdn IPTGATEWAY1.XXXXXXXXXX
ip-address none
subject-name cn=IPTGATEWAY1.XXXXXXXXXXXXXX,O=XXXXXXX,C=GB
subject-alt-name IPTGATEWAY1.XXXXXXXXXXXXXXXX
revocation-check none
rsakeypair GTTRSAKey
!
crypto pki trustpoint TP_DigiCert_Global_Root_G2
enrollment terminal
revocation-check none
!
crypto pki trustpoint TP_GeoTrust_TLS_RSA_CA_G1
enrollment terminal
revocation-check none
!
!
crypto pki certificate chain sip-trustpoint
certificate 0F65DF4EAB0C29589355440F821F5470
quit
certificate ca 0CF5BD062B5602F47AB8502C23CCF066
quit
crypto pki certificate chain CUBE_CERT
crypto pki certificate chain TP_DigiCert_Global_Root_G2
crypto pki certificate chain TP_GeoTrust_TLS_RSA_CA_G1
certificate ca 0D07782A133FC6F9A57296E131FFD179
quit
voice-card 0
dsp services dspfarm
!
!
voice call send-alert
!
voice service voip
ip address trusted list
ipv4 10.108.92.10 255.255.255.255
ipv4 10.108.92.11 255.255.255.255
ipv4 89.149.158.0 255.255.255.0
ipv4 89.149.159.0 255.255.255.0
mode border-element
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
header-passing
error-passthru
early-offer forced
midcall-signaling passthru
no call service stop
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
!
!
voice class sip-profiles 101
request INVITE sip-header Allow-Header modify " UPDATE, " " "
request REINVITE sip-header Allow-Header modify " UPDATE, " " "
response 200 sip-header Allow-Header modify " UPDATE, " " "
response 180 sip-header Allow-Header modify " UPDATE, " " "
response 200 sip-header Remote-Party-ID remove
request INVITE sip-header P-Asserted-Identity remove
response 200 sip-header P-Asserted-Identity remove
!
voice class sip-profiles 2
request INVITE sip-header From copy "sip:0(.*)@" u01
request INVITE sip-header From modify "sip:.*@(.*)" "sip:+44\u01@\1"
request INVITE sip-header Contact modify "sip:.*@(.*)" "sip:+44\u01@\1"
request INVITE sip-header Remote-Party-ID modify "sip:.*@(.*)" "sip:+44\u01@\1"
!
!
voice class e164-pattern-map 3
description Inbound from GTT
e164 +441372671210
e164 +441372671211
e164 +441372671212
e164 +44173736....
!
!
voice class server-group 1
ipv4 10.108.92.10 preference 1
ipv4 10.108.92.11 preference 2
description callmanagers
!
voice class server-group 2
ipv4 89.149.158.167 port 5061
ipv4 89.149.159.167 port 5061
description GTT SIP SBC's
!
voice class sip-options-keepalive 1
description Server Group SIP OPTIONS PING
!
!
voice iec syslog
!
!
voice translation-rule 20
rule 1 reject XXXXXXXXXXX
!
voice translation-rule 30
rule 1 /^0\(.*\)/ /+44\1/
!
voice translation-rule 40
rule 1 /^\+44\(.*\)/ /0\1/
!
!
voice translation-profile Add_+44
translate called 30
!
voice translation-profile Replac_+_with_0
translate called 40
!
voice translation-profile call_block
translate calling 20
!
!
!
vxml logging-tag
license udi pid CISCO2911/K9 sn YYYYYYYYY
license boot module c2900 technology-package securityk9
hw-module pvdm 0/0
!
!
!
archive
path flash:IPTGATEWAY1-config
maximum 5
username admin privilege 15 password 7 YYYYYYYYYYYY
username svc_cisco privilege 15 password 7 YYYYYYYYYYYYY
!
redundancy
!
!
!
!
!
controller E1 0/0/0
shutdown
pri-group timeslots 1-31 service mgcp
description *ISDN30 - PSTN 2 - 8 31-60*
!
controller E1 0/0/1
shutdown
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.108.92.5 255.255.252.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Link to GTT for teams calls
ip address 0.0.0.0 255.255.255.192
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.0.34.18 255.255.255.248
duplex auto
speed auto
!
interface Serial0/0/0:15
no ip address
encapsulation hdlc
shutdown
no cdp enable
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bind-l3 ccm-manager
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.108.92.1
ip route 89.149.158.160 255.255.255.240 81.144.233.129
ip route 89.149.159.160 255.255.255.240 81.144.233.129
ip route 100.80.0.81 255.255.255.255 10.0.34.17
ip route 100.80.0.82 255.255.255.255 10.0.34.17
ip route 100.80.3.185 255.255.255.255 10.0.34.17
ip route 100.80.3.186 255.255.255.255 10.0.34.17
!
ip access-list extended SIP
permit ip any any
!
logging trap debugging
logging facility local6
logging host 10.108.104.40
!
!

!
control-plane
!
!
voice-port 0/0/0:15
cptone GB
shutdown
!
!
!
!
!
mgcp
mgcp call-agent 10.108.92.11 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
sccp local GigabitEthernet0/0
sccp ccm 10.108.92.10 identifier 1 version 7.0
sccp ccm 10.108.92.11 identifier 2 version 7.0
sccp
!
sccp ccm group 1
bind interface GigabitEthernet0/0
associate ccm 1 priority 1
associate ccm 2 priority 2
associate profile 3 register Gateway_1_secur
associate profile 1 register Gateway1_XCODE
!
ccm-manager music-on-hold
!
ccm-manager redundant-host 10.108.92.10
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager config server 10.108.92.11
ccm-manager config
!
dspfarm profile 1 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 80
associate application SCCP
shutdown
!
dspfarm profile 2 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 80
associate application CUBE
!
dspfarm profile 3 transcode universal security
trustpoint sip-trustpoint
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum sessions 50
associate application CUBE
!
dial-peer voice 2001 voip
description ***** Outbound Calls to Gamma Telecom DC2N18HTQ61078_A1 *****
call-block translation-profile incoming call_block
huntstop
preference 2
destination-pattern 0T
session protocol sipv2
session target ipv4:100.80.0.81
incoming called-number 0%
voice-class codec 1
voice-class sip early-offer forced
voice-class sip profiles 101
dtmf-relay rtp-nte sip-notify
fax rate 9600
ip qos dscp cs3 signaling
no vad
!

dial-peer voice 2 voip
description Outbound PSTN calls via GTT
translation-profile outgoing Add_+44
huntstop
destination-pattern 07769165019
session protocol sipv2
session transport tcp tls
session server-group 2
voice-class codec 1
voice-class sip early-offer forced
voice-class sip profiles 2
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte sip-notify
srtp
fax rate 9600
ip qos dscp cs5 media
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 3 voip
description inbound from GTT
translation-profile incoming Replac_+_with_0
session protocol sipv2
session transport tcp tls
incoming called e164-pattern-map 3
voice-class codec 1
voice-class sip early-offer forced
voice-class sip profiles 101
voice-class sip options-keepalive
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte sip-notify
fax rate 9600
ip qos dscp cs5 media
ip qos dscp cs3 signaling
no vad
!
dial-peer voice 1 voip
description incoming dial peer from cucm
session protocol sipv2
session transport udp
incoming called-number .
voice-class codec 1
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte sip-notify
fax rate 9600
ip qos dscp cs5 media
no vad
!
!
sip-ua
transport tcp tls v1.2
crypto signaling default trustpoint sip-trustpoint
!
!
!
gatekeeper
shutdown
!
alias exec i show ip int brief
alias exec r show run
alias exec ri show run | include
alias exec tm term mon
alias exec tnm term no mon
alias exec rs show run | section
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output none
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input ssh
line vty 5 15
login
transport input ssh
!
scheduler allocate 20000 1000
ntp server 10.108.104.10 prefer
ntp server 10.108.104.11
!
end

IPTGATEWAY1#

Please don't post configs and logs directly here. This makes the thread soooo long and unreadable in the end. Save them in a txt-file and upload the file.

Which trustpoint contains the cert of the provider? Is it "sip-trustpoint"?
Do you still need the dspfarm profiles 1 and 2? If no, I would delete them and the sccp config to keep the whole config clean.

In dspfarm profile 3, you don't need the trustpoint command.

And what about some general things:
Do you see now a secure TLS connection to the provider? "show sip-ua connection tcp tls brief | detail"
What do the logs say?

Sorry. Well, as an update, we have made progress inasmuch as calls can be made and connected - no audio though, so checking firewalls. I'll update once we are confident we are good, but for now - thanks

 

Then I would say, you have a different issue. It seems that the TLS establishment and SIP signalling is working fine now.
If yes, then it would be better to "close" this thread and open a new one, if you need help with the audio issues.
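
Added example, not part of any post in this thread and not Cisco tooling: a small offline check for the condition behind the "Xcoder reservation failed and srtp fallback not possible" error on a 29xx, where an `srtp` dial-peer has to interwork with a plain RTP leg. It assumes, based on the poster's later running config, that the secure profile must carry `associate application CUBE`; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample in running-config layout (sub-commands indented by one space).
# It mirrors the first configuration posted in the thread; it is not device output.
BROKEN = """\
voice-card 0
 dsp services dspfarm
!
dspfarm profile 3 transcode universal security
 codec g711ulaw
 maximum sessions 50
 associate application SCCP
!
dial-peer voice 1 voip
 description incoming dial peer from cucm
 session transport udp
!
dial-peer voice 2 voip
 description outbound to ITSP
 session transport tcp tls
 srtp
!
"""
# Same sample with the secure profile owned by CUBE, as in the later running config.
FIXED = BROKEN.replace("associate application SCCP", "associate application CUBE")


def parse_blocks(config):
    """Group a running-config into (header, [sub-commands]) pairs."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_srtp_interworking(config):
    """Return findings that would leave SRTP-to-RTP calls without a secure transcoder."""
    blocks = parse_blocks(config)
    voip = [(h.split()[2], subs) for h, subs in blocks
            if re.fullmatch(r"dial-peer voice \d+ voip", h)]
    srtp_peers = [tag for tag, subs in voip
                  if any(s.split()[0] == "srtp" for s in subs)]
    rtp_peers = [tag for tag, _ in voip if tag not in srtp_peers]
    if not srtp_peers or not rtp_peers:
        return []  # no mix of secure and non-secure legs, nothing to interwork

    findings = []
    if not any(h.startswith("voice-card") and "dsp services dspfarm" in subs
               for h, subs in blocks):
        findings.append("no 'dsp services dspfarm' under a voice-card")

    secure = [(h.split()[2], subs) for h, subs in blocks
              if re.match(r"dspfarm profile \d+ transcode\b.*\bsecurity$", h)]
    problems, usable = [], False
    for tag, subs in secure:
        apps = [s.split()[-1] for s in subs if s.startswith("associate application")]
        if "shutdown" in subs:
            problems.append(f"dspfarm profile {tag}: secure profile is shutdown")
        elif "CUBE" not in apps:
            owner = ", ".join(apps) or "no application"
            problems.append(f"dspfarm profile {tag}: associated with {owner}, not CUBE")
        else:
            usable = True  # one active secure CUBE profile is enough
    if not usable:
        findings += problems or ["no 'dspfarm profile N transcode ... security' defined"]
    return findings


if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_srtp_interworking(cfg) or "ok")
```

Per the replies above, this check only matters on 29xx-class routers; the 4k, 8k and virtual platforms are said not to need DSP resources for SRTP.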